SEAS Information Security Tips

You may feel like "nothing I have on my computer is worth
protecting, and they wouldn't bother with me anyway." But the
truth is that a vulnerable computer can be the starting point for
other attacks on our network. A hacker may not be interested in
your computer specifically but rather may hijack your computer for
use in remote proxy attacks such as a Distributed Denial of Service
(DDoS), thereby becoming a threat to someone else's computer. Most
attacks come from automated cracking programs which simply try to
break into every machine on the Internet. When they break into one
computer, they copy themselves to that machine so that it can try
to break into yet more machines. So no one is choosing to break
into your machine specifically, but your machine needs to be secure
for the welfare of other computers on the network.

Below are some basic concepts and practices that will protect not only
you and your data, but also the whole Penn computing community.
As an Eniac user, you are required to keep your account secure to
protect the entire system.

1. Don't open email attachments unless you are expecting them. Don't
send email attachments using any of the extensions listed in the Answers
article on Prohibited Attachments; they will be interpreted as viruses
and blocked. Email containing these types of attachments is automatically
deleted and there is no way to recover it.

2. Lock your computer when you are away from your desk in the office,
lab, or college house, even just for a minute. To lock a Windows machine,
press Ctrl-Alt-Delete and click the "Lock Computer" button.

3. Don't share your password with anyone. If you
have a shared account, use a different password for it. Also, don't
use the same password on different sites. For example, don't use
the same password for your bank account and for your email. Don't
write your passwords down. The best place to keep your passwords
is in your head.

4. Install and run antivirus software and keep it up-to-date. Penn
provides site-licensed copies of Symantec AntiVirus to Penn users at no
cost. Visit http://www.upenn.edu/computing/virus/ to download a copy.
Once it's installed, be sure to run "LiveUpdate" to get the latest virus
signature files on a regular basis. You can set up LiveUpdate to
automatically go out and get updates (see directions below).

To automate Symantec LiveUpdates:

Right-click on the Symantec shield icon in the lower right corner of
the display and select "Open Symantec Antivirus". Select Schedule
Updates from the File pull-down menu. Put a check in the box next to
"Enable scheduled automatic updates". Click the Schedule button.
Under Frequency, click the button next to Daily. Select a convenient
time for the updates to take place. Click OK.

7. Make sure your system security settings are correct. Download and
run Microsoft Baseline Security Analyzer. Microsoft released this as a
response to the Code Red and Nimda worms a few years ago. It's designed
to identify common security misconfigurations.

9. If someone gets a message with your address in the "From" line, this
doesn't mean your account was broken into. Similarly, getting a bounce
notice for a message you never sent doesn't mean your account was broken
into. The "From" line is easy to forge, and spam senders routinely do so.
Delete these messages; they are spam.

10. Run the "Shields Up" scan, a free Internet security vulnerability
profiling service. This scan will identify exposed areas on your computer
that intruders could probe and break into. Open ports make it easy for
intruders to steal your personal information, credit card numbers, and so
forth through your computer's insecure connection to the Internet. Do
what you can to fix the security problems the "Shields Up" scan reports.
There is a lot of helpful information on the site. Go to the
"Shields Up" Scan.

11. Install a firewall on your computer. CETS technicians will install
and set up a firewall on SEAS staff and faculty computers located in
SEAS offices.
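
A local complement to the open-port scan in tip 10, added here as an example and not part of the original SEAS tips: it parses the output of the Windows command `netstat -ano` and separates listeners bound to a network-reachable address from loopback-only ones. The sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2216
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       3104
"""

# Matches only TCP rows in the LISTENING state: local address, port, owning PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listening_ports(netstat_text):
    """Return sorted (port, address, pid, exposed) tuples for each TCP listener."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, established connections, UDP rows
        addr = m.group(1).strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        ip = ipaddress.ip_address(addr)
        # A loopback-only listener cannot be reached from the network.
        found.add((int(m.group(2)), str(ip), int(m.group(3)), not ip.is_loopback))
    return sorted(found)


def exposed_ports(netstat_text):
    """Ports with at least one listener bound to a non-loopback address."""
    return sorted({port for port, _addr, _pid, exposed
                   in listening_ports(netstat_text) if exposed})


if __name__ == "__main__":
    for port, addr, pid, exposed in listening_ports(SAMPLE_NETSTAT):
        state = "EXPOSED" if exposed else "loopback only"
        print(f"{port:>5}  {addr:<15} pid={pid:<5} {state}")
```

To check a real machine, save the output of `netstat -ano` and pass its text to exposed_ports(). A port listed as exposed may still be blocked by a firewall (tip 11), which is what an external scan such as "Shields Up" confirms.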